Blog Post

The Cybers are coming and you’re out of bullets

Jordan

Unlike in the arcade games where you have an unlimited number of bullets to defend yourself, in the battle to keep your computers virus free the game has started and you don’t even have a gun. The fact is in the world of computers and technology unless you are, or have the support of a nation state “fighting back” against an online attacker could land you in jail for years. There are however things you can do to keep yourself safe, we’ve covered some of these in past articles but I’ll try to at least mention (link to) them here to make this article as complete as possible without being any longer. This post will be a refresh of Peter Wallace’ post What can I do to stay safer online? I will also be posting an article in the near future about protecting your computer and the end of XP.

Use your best Judgment – When you’re at work, you are a gateway to your company, and when you’re at home, you’re a gateway to your family. Depending on how well you keep work and personal email or internet use separated, will affect how and where you see different kinds of attacks. Your family will most likely be targeted in a more general way for access to things like your webcams, computers, bank accounts and email addresses, where as your company may be targeted more specifically for all those same sorts of things as well as company info like sales numbers, suppliers, customer data, and your secret sauce. While the goals of an attacker may be varied, the same defenses you use to protect your family will also be effective at work. The two primary ways people interact with the internet are email and web browsing, so that is where the attackers are focusing their attention.
Email – Writing an email is very much like sending a post card in the mail, there is no envelope so if the postmaster decides to pick it up and read it they can, and the person sending it can write anything they want on it including any return address, so even if you trust who it is supposed to be from, take it with a grain of salt. In a business setting one of an attackers favorite tactics is to pretend to be Bob in accounting and “accidentally” send you something important looking like ‘Proposed payroll changes.doc’ for your review, now if you’re not expecting that, or have no business seeing your departments salaries, there is a pretty good chance that it’s a fake document with a virus inside it. Another common attach used in phishing emails is to send an official looking email from your bank or FedEx that request a prompt response to correct a problem with a link to a lookalike domain where they can either try to get your browser to download malware or steal your credentials. Our recommendation is simple, be careful with attachments and think twice or maybe thrice before enabling active content in office documents. If the email seems off for any reason, DON’T CLICK THAT LINK. It only take an extra couple of seconds to open a new tab in your web browser and type in the website you’re trying to get to, this is especially important if you are going to your bank or somewhere that a compromise would be more than just inconvenient but could have immediate real work consequences.
Browser – This is your primary portal to the world wide web, arguably one of the most powerful programs on most peoples computers, and as such is worth some thought in how you and your family use it. My personal go to browsers are Firefox and Google Chrome because they run on almost every operating system. Although if you’re using the latest version of Internet Explorer or Safari on Apple you’re probably ok. Once you’re using a good browser, we have a couple more tidbits of advice that will help you make sure you’re safe, the first is if you’re going to your bank, type ‘mybank.com’ in the address bar and then watch to make sure the little lock icon shows up, rather than just searching for ‘my bank’ on in your search box, You can also save bookmarks of the sites you go to the most often so you can just click a button on your web browser rather than needing to type an address out. One last thing to remember, if you’re entering sensitive information into a web page glance up at your address bar and look for the lock icon and the ‘https’ before the web address to make sure the page is encrypting your data before it gets sent off over the internet. I normally consider login information, or any 3 other pieces of identifying information to be sensitive. Personally identifiable information are things like name, telephone number, email address, home address, or employer.
Securing Accounts – Now that you’ve secured your access to the internet, it’s time to make sure your accounts online don’t get compromised. The first step is to make sure you have unique strong passwords. By now everyone probably knows that a strong password “should” have UPPERCASE, lowercase, numbers (123..), and symbols(!@#..). Heading that advice you would probably think that this ‘K0aL!uAF’ would be a great password. Unfortunately you would also be wrong, for starters its only 8 characters long, which is short enough to crack pretty easily and secondly unless you’re a cyborg or a total nerd you’ll never remember 5-10 unique passwords like that for your most critical accounts. For passwords you need to remember we still recommend unique passwords for each site, and using all the character types if you can but we are learning that length matters more than complexity, but you do need to avoid patters. So what might a good password look like these days? The 3 most important this are: 1. Make it something you can remember 2. Avoid patterns, and 3. More than 15 characters long. Hitting all character types shouldn’t be hard, but its also not nearly as critical as the length. For example you could try something like ‘MYcaTs^Eat=9.d0GFish!’ I’ve mixed it up a little but you could probably remember that if you had to. But there is one more trick that can make using, even a password like this tH6w!#A*grQa^!yVDvdQfmP easy. This ‘trick’ is really a tool, called a Password Manager, and we strongly recommend everyone use them. Two of the most highly recommended ones are Lastpass.com and and KeyPass, but rather than telling you what to use, do a search for password manager, and check out this Life Hacker comparison article. On top of making password management a breeze using a password manager to auto fill your username and password, will prevent a key-logging virus from capturing your username and password.

Now that you know – You can’t even begin to make wise choices and use your best judgment until you know where the pitfalls are. So go tell your friends, family and coworkers what you know about being safe online. Just like you wouldn’t let a friend go through a bad part of town without at least warning them to be careful don’t let your friends and family get attacked online without knowing how to defend themselves. If you have favorite tips or tactics that I missed, or questions about the topics I breezed over in this article, please leave us a note in the comments.

< Older Post Newer Post >

Mail

Catching the Big Phish

By Eberly Systems • 20 Sep, 2024

We're all in the same boat trying to avoid cybercrime! Here's our top ways to identify a potential phishing attempt.

Key Notes from the Security Team: Q3 2024

By Eberly Systems • 10 Sep, 2024

Focus on integrating with new team members and new customers

Key Notes from the Security Team: Q2 2024

By Eberly Systems • 09 Jul, 2024

Keeping you abreast of security news

Eberly Systems Acquires Lebanon County LYLAB Technology Solutions

By Eberly Systems • 02 May, 2024

West Lawn, PA, May 2, 2024 — Eberly Systems , the West Lawn-based managed IT services and managed voice provider, today announces its acquisition of the Lebanon-based LYLAB Technology Solutions. Eberly Systems seeks to further a movement of people who are motivated and equipped to make a difference in their world through their daily work. They believe in building lasting partnerships based on trust and transparency while delivering industry-leading solutions to support and protect critical business assets. Driven by the principles of people, excellence, integrity, and stewardship, the team prides itself on partnering with companies to securely, reliably, and efficiently grow their businesses. “We cannot be more excited to join forces with the LYLAB team,” comments Kordel Eberly, Eberly Systems President & Founder. “ The integration of LYLAB Technology Solutions into Eberly Systems solidifies our commitment to providing small businesses with unparalleled service and support. We’re proud of this new opportunity to carefully design and manage the IT infrastructure and systems of even more local businesses and communities.” The acquisition solidifies the Eberly Systems commitment to supporting businesses in Lebanon County. Merging the two teams together as one entity offers the collective team the benefit of enhancing capabilities, refining processes, and extending reach to better serve the evolving needs of small businesses in the surrounding area. Future plans include expanding their presence into Lancaster County.

Navigating Small Business Success: The Power of IT Outsourcing for SMBs

By Eberly Systems • 16 Jan, 2024

A trusted MSP can be your invaluable strategic partner.

Enhancing Business Security and Productivity with Microsoft Office 365

By Eberly Systems • 02 Jan, 2024

These 5 key features of Office 365 Business Premium make it essential for businesses to have.

Key Notes from the Security Team: Q4 2023

By Eberly Systems • 19 Dec, 2023

Eberly Systems has been hard at work over the last year in a concerted effort to enhance the security posture of our clients’ information technology environments. Here are the quarterly updates.

Customer Success Story: Construction

By Eberly Systems • 03 Jul, 2023

After years of steady growth, the workforce at a construction development and property management company was becoming increasingly frustrated by disorganized data. Eberly Systems deployed a hybrid cloud storage solution for efficiency and secure data access.